Apple-supported CLOUD Act passes Congress, will change how governments share data

Posted:
in General Discussion
The Clarifying Lawful Overseas Use of Data (CLOUD) Act, a piece of legislation that would change international rules about sharing of data among governments, passed Congress Thursday, as part of the omnibus spending bill, and the president signed it into law.




The spending bill -- the text of which runs more than 2,000 pages -- is mostly significant because it adds domestic and military spending prioritized by both parties, while also averting a government shutdown at least until September. But another part of the bill is the CLOUD Act (S. 2383 and H.R. 4943), a measure pushed by Apple and other tech industry giants but strongly opposed by privacy advocates. It was originally a separate bill but has been folded into the larger spending measure.

President Trump, despite using his Twitter account Friday morning to threaten a veto of the bill because of its lack of a solution on DACA and because Trump's border wall was not fully funded, signed the bill later in the day.

Getting to know the CLOUD Act

The CLOUD Act part, according to the text in its Senate version, would "improve law enforcement access to data stored across borders, and for other purposes." At issue is what happens in the increasingly frequent instance in which law enforcement in one country is seeking data held on a cloud server in another country.

The bill would give the executive branch, specifically the Department of Justice, new powers to enter into information-sharing agreements with foreign governments. As of now, if a foreign law enforcement entity wishes to obtain data from a U.S.-based tech company, that government must have a specific mutual legal assistance treaty (MLAT) with the U.S., the kind that must be ratified by Congress. The CLOUD Act removes that provision, while also no longer requiring the need for a judge to sign off on such requests. It would allow the DOJ to enter into such agreements without the approval of Congress or the courts.

Apple had pushed for the CLOUD Act, signing a letter to its four Senate cosponsors last month along with tech giants Facebook, Google, Microsoft and Oath (the Verizon subsidiary that owns AOL and Yahoo.) The letter, to Sens. Orrin Hatch (R-UT), Lindsey Graham (R-SC), Sheldon Whitehouse (D-RI) and Christopher Coons (D-CT), states that the legislation "reflects a growing consensus in favor of protecting Internet users around the world and provides a logical solution for governing cross-border access to data. Introduction of this bipartisan legislation is an important step toward enhancing and protecting individual privacy rights, reducing international conflicts of law and keeping us all safer."

The bill would also institute "mechanisms to notify foreign governments when a legal request implicates their residents, and to initiate a direct legal challenge when necessary," the letter said.




Part of the impetus for the bill was US v. Microsoft, a case that was argued last month in the U.S. Supreme Court. In the case, law enforcement sought the emails of someone who had a Microsoft email account that was hosted on servers located in a data center in Ireland, and Microsoft took the position that law enforcement would need Ireland's permission to access it. The case concerns a more than 30-year-old law called the Stored Communications Act. The Supreme Court has not yet issued its ruling on the case.

The Opposition


However, some privacy and civil liberties advocates have registered their strong opposition to the measure. The Electronic Frontier Foundation (EFF) has denounced the CLOUD Act as "a new, proposed backdoor to our data, which would bypass our Fourth Amendment protections to communications privacy." The American Civil Liberties Union (ACLU) calls it "a sinister piece of legislation" that "threatens activists abroad, individuals here in the U.S., and would empower Attorney General Sessions in new disturbing ways." The ACLU also argued that the bill could allow foreign governments to more easily crack down on political opponents, especially marginalized people.

The bill is opposed by a coalition that includes more than 20 groups, including the EFF, ACLU, Amnesty International USA, the People for the American Way, Human Rights Watch and National Association of Criminal Defense Lawyers. A letter from the coalition also alleges that the bill, for the first time, would "allow foreign governments to obtain the assistance of U.S. companies for obtaining real-time intercepts of their users' communications."

The EFF, ACLU and other groups opposing the bill had warned for weeks that the CLOUD Act would be passed without markup, committee hearings or debate and folded into a must-pass spending bill, which is indeed exactly what happened.

Microsoft, Apple and the other firms pushing for the CLOUD Act are supporting it in order to make it easier for them to do business worldwide, in part by not putting the tech companies at odds with foreign governments. The letter from Apple and the other companies stated that the CLOUD Act "would require baseline privacy, human rights and rule of law standards in order for a country to enter into an agreement" and would "ensure customers and data holders are protected by their own laws and that those laws are meaningful."

The bill passed the same week that the mishandling of data by Facebook, in regards to Cambridge Analytica, led to a major brouhaha that set off rage beyond the realm of privacy activists and sent the company into damage control mode.

What Comes Next

The passage of the CLOUD Act has various potential implications for Apple users. If they're in a foreign country and use Apple devices or messaging in any type of anti-government manner, the bill is likely not good news for them. That's also the case for those generally distrustful of the present government, future governments, or governments in general.

The omnibus spending bill was passed quickly and with limited debate in the House, by a vote of 256-167, while the Senate passed it late Thursday night by a vote of 65-32. There was no vocal opposition raised in Congress to the CLOUD Act portion of the bill, although Sen. Rand Paul (R-KY) objected to many of the spending provisions, and Jim Risch (R-ID) threatened to block the bill because of a provision that would have named a wilderness area in Idaho after a longtime political enemy of his.

Comments

  • Reply 1 of 10
    DAalsethDAalseth Posts: 270member
    Interesting. I understand why Apple came down on the side they did. But after reading this, quite balanced, article I gotta say I side with the EFF and ACLU et.al. This is not good. It goes against Apple's stated interest in protecting user privacy. It allows a race to the bottom for user privacy and protection of political dissidents.
    magman1979minicoffeepg4g0001StrangeDaysgeorgie01baconstang[Deleted User]jony0
  • Reply 2 of 10
    bloggerblogbloggerblog Posts: 1,780member
    The overnumerousness of the pages is meant to hide laws that otherwise won't pass if someone actually got to reading them.
    magman1979lordjohnwhorfintallest skilbaconstang[Deleted User]
  • Reply 3 of 10
    mac_dogmac_dog Posts: 580member
    There goes even more of our constitutional rights.
    StrangeDaystallest skil[Deleted User]
  • Reply 4 of 10
    jdwjdw Posts: 632member
    Apple takes a strong defensive stand for your privacy and data security, until such a time that Apple's business interests supersede their support of your privacy and data security.

    Most of us are here because we love Apple products and by-and-large Apple as a company.  But that does not mean we ought to submit ourselves in blind worship.  We can indeed enjoy and sing the praises of the superiority of Apple's design aesthetic and device functionality, but we must always keep both eyes open.  Apple's protection of you ends when that protection conflicts with their business interests.  This remains true despite Tim Cook's own words about privacy and about never giving "back door access" away, even to law enforcement.  This is not merely a guess or personal opinion.  The article itself is proof of it.
    pg4g0001gatorguyStrangeDays[Deleted User]
  • Reply 5 of 10
    Oh oh 
    edited March 23
  • Reply 6 of 10
    asciiascii Posts: 5,850member
    It should be OK as long as data sharing agreements are only make with other democracies. If another democracy is asking about someone they probably really are a criminal, but if a totalitarian system is asking about someone weeeeelll, you just don't know.
  • Reply 7 of 10
    StrangeDaysStrangeDays Posts: 5,615member
    ascii said:
    It should be OK as long as data sharing agreements are only make with other democracies. If another democracy is asking about someone they probably really are a criminal, but if a totalitarian system is asking about someone weeeeelll, you just don't know.
    What a strange assumption to make. I dont inherently trust our law enforcement/spy agencies just because we’re a republic. Especially with people like Sessions at the helm. Remember, J. Edgar Hoover set the FBI spy apparatus onto civil rights leaders out of spite, including trying to blackmail MLK into suicide. Not nice guys, land of the free or not. 
    edited March 23 bonobobbaconstang[Deleted User]
  • Reply 8 of 10
    SpamSandwichSpamSandwich Posts: 29,902member
    What in the world was Tim Cook thinking?
  • Reply 9 of 10
    tallest skiltallest skil Posts: 43,399member
    Amendment I said:
    Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
    Amendment IV said:
    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
    Oh, that’s funny. I just used AI’s formatting, which leaves “said” instead of “says.” That’s fitting.
    Remember, J. Edgar Hoover set the FBI spy apparatus onto civil rights leaders out of spite, including trying to blackmail MLK into suicide. Not nice guys, land of the free or not. 

    The individual is handicapped by coming face-to-face with a conspiracy so monstrous he cannot believe it exists. The American mind simply has not come to the realization of the evil which has been introduced into our midst. He rejects even the assumption that human creatures could espouse a philosophy which must ultimately destroy all that is good and decent. – J. Edgar Hoover

    SpamSandwich
  • Reply 10 of 10
    I don't think foreign customers have much to worry about yet, this bill only allows law enforcement within the US to bypass their own government to REQUEST access to data overseas - they still have to adhere to and follow international law and the laws of whatever country they are trying to access. So for the Microsoft vs US case, it wouldn't change anything really.
Sign In or Register to comment.